When compliance staff are undertrained and stretched thin, lawbreaking can flourish.
When Kweku Adoboli made unauthorized trades that led to a $2.3 billion loss for UBS in September 2011, shock waves rippled through the boardrooms of financial services companies worldwide. Such a staggering setback on the heels of the financial crisis dealt a severe blow to UBS’s reputation, triggering the resignation of its CEO, Oswald Grübel. Was this a sign that many of the unethical business practices that helped cause the 2008 financial crisis were manifesting themselves again?
After all, in 2008, rogue trader Jerome Kerviel lost a whopping €4.9 billion ($x.x billion) at Société Générale through a series of fraudulent deals. But it’s not just rogue traders that boardrooms are concerned about. Embezzlement, fraud and money laundering can equally damage a company’s reputation and its bottom line. How many other rogue employees are out there committing financial crimes, and exactly whose responsibility is it to make sure that transgressions like these don’t turn into an epidemic?
A September 2011 survey of 600 compliance and anti-money-laundering staff conducted by Dow Jones Risk & Compliance and the Association of Certified Anti-Money Laundering Specialists (ACAMS) underscores the pressures that compliance departments face trying to prevent fraud and money laundering.
According to the survey, 55 percent identified additional regulations and increased enforcement as a key challenge that needed to be met in the coming year, more than 60 percent identified recruiting and training staff as key issues, and more than 40 percent of anti-money-laundering teams were burdened by increased workloads stemming from expansion into new markets.
Rupert de Ruig, managing director of Dow Jones Risk & Compliance, says his survey reveals conflicting information. Over 75 percent of senior managers focus on preventing money laundering and other illegal actions, yet 38 percent of them said compliance departments were understaffed. At a time when banks are under increasing financial pressure to raise capital and trim costs – a trend epitomized by Bank of America’s cutting of 30,000 jobs (10 percent of its staff) – firms are reducing non-revenue-generating areas such as compliance, audit and risk management. When compliance and anti-money-laundering staff are overburdened, undertrained and stretched thin, it creates a climate where lawbreaking and rogue trading can flourish.
Risk cultures can lead to fraud
To a considerable extent, the losses at companies such as UBS and Société Générale stem from the “risk culture” established at these firms, explains John Hull, who teaches risk management at the University of Toronto’s Rotman School of Management.
“There’s a tendency to turn a blind eye when someone’s making a profit and taking a risk,” he says. If trading turns into a loss, the culture encourages taking more risks to recoup the money, resulting in a downward spiral, like a gambler in Vegas doubling on his bets. “The person is encouraged to double up and eventually a disaster happens,” Hull says. “It’s about the ability to set risk limits.”
Furthermore, the two rogue traders at UBS and Société Générale were insiders who knew how to circumvent internal controls. “Both these traders had back office experience,” Hull says. “They knew when internal checks were carried out.” Hull says board members have told him that “directors can’t possibly understand the complex financial transactions” these traders engage in.
But he insists that boards at financial service firms must choose directors with complex financial know-how, just like insurance companies should select directors who understand underwriting. Board members don’t need to micromanage traders or visit trading floors, but they must be equipped to know “the right questions to ask and the key aspects of a risk culture”. Directors must be cognizant and aware of what inside traders do to circumvent rules so that they can ask pointed questions of the audit committee head presenting risk management data.
Determining what went wrong at UBS is a very complex, multifaceted issue, suggests Frances McLeod, a partner at Rhode Island-based consulting firm Forensic Risk Alliance. She says frauds happened at these firms because “controls were more theoretical than actual”, technology systems weren’t integrating trades with compliance programs, and little attention was paid to personnel issues triggered by back office staff moving into trading positions.
Preventing fraud requires “programs designed to work, staff trained to assess and evaluate the output, and creating a compliance culture,” she says. Rewarding ethical behavior by tying bonuses to managers and staff following the rules can also play a role.
In fact, McLeod says Goldman Sachs, which has been maligned for its role in making money off customers it misled in the subprime mortgage debacle, has been playing a leadership role in compliance. Goldman “treats prevention as an integral part of how it controls risk and bridges the divide between the profit center and cost center,” she says. Asked to elaborate, a Goldman Sachs spokesperson declined to answer any questions.
Maintaining your reputation
When these scandals occur, the loss to a firm transcends dollars and cents. Reputation risk is a major liability, notes John Byrne, an executive vice president at ACAMS. Firms may not lose business on a day-to-day basis, but the negative publicity can erode consumer confidence in the organization. Moreover, regulatory agencies increase their oversight and provide more resources to cover firms that have been penalized.
In some cases these illegal practices lead to more severe consequences, such as the money-laundering debacle that caused Riggs Bank’s demise in 2005. The failure of Riggs Bank, along with other recent trading fiascos, sends a powerful message to boards that risk management must be made a priority. Byrne says Riggs Bank “didn’t have strong policies and procedures and didn’t provide up-to-date staff training”, and it paid the price for its indifference. The message to boards is that “banks can’t police themselves,” Byrne concludes. Moreover, the breadth of experience needed to prevent these crimes is intensifying, covering cyber-security, global corrupt practices and new anti-money-laundering schemes.
Banks must file suspicious activity reports to the Financial Crimes Enforcement Network, and internal auditors are required to notify federal agencies when major controls at a bank aren’t working or serving as a deterrent. However, William Kowalski, who spent 25 years with the FBI and is now director of corporate investigations at Rehmann Corporate Investigative Services, says most federal agencies “investigate current crimes and use the punishment as a deterrent; they’re not in the prevention business.”
One deterrent that the FBI has stepped up is holding individual executives criminally responsible for a company’s wrongdoing. When Latin Node, a Miami-based telecommunications company, was found guilty of bribing Honduran officials and defying the Foreign Corrupt Practices Act in May 2011, its CEO and three other executives faced up to five years in prison and fines of $250,000.
Assistant Attorney General Lanny Breuer has said that “CEOs and other corporate executives should know that violating the Foreign Corrupt Practices Act will lead to criminal prosecution.” Kowalski says that everyone involved in identifying a firm’s controls – internal auditors, external auditors, the CFO, compliance staff – should collaborate with federal agencies to minimize the chances of financial crimes happening.
Increasingly he sees CFOs playing a major role in preventing malfeasance, but audit teams need to remain independent from CFOs to maintain their autonomy. Most firms employ early detection software programs that provide notification of impending fraud or money laundering, but experts note that these systems are only as good as the staff overseeing them. “The key is that an official must take action to investigate once a risk is identified,” Kowalski says. Furthermore, thieves and rogue traders operate like bank robbers, always exploiting the latest hole or weakness in the system; staying one step ahead can help expose them.
Reducing crime risks
If a rogue trader is intent on stealing or committing fraud, it is difficult to prevent the crime from happening. “The frauds we’ve seen might not have been prevented, but they could have been recognized earlier,” Kowalski says. That’s why risk assessments are made, weaknesses are highlighted and stringent controls are implemented. Cutbacks at financial firms are raising red flags and creating an atmosphere conducive to committing fraud. “We see fraud happen most often because of a lack of segregation of duties,” Kowalski says. As banks cut back on staff and have only one person in charge of overseeing trades, internal controls diminish and the chances of fraud increase.
Corporate secretaries can play a role in setting the agenda of boards and helping them to focus on high-risk areas for potential fraud. Corporate secretaries need to be well-versed in regulations, should know by geography where the highest risks are, and should know whether products and services are being sold by the firm directly or through intermediaries, de Ruig says.
In most cases where fraud has taken place at a firm, Kowalski says boards had become a “rubber stamp” for the CEO’s or CFO’s recommendations. In order to deter fraud, board members must take a leadership role in providing oversight, ask the right follow-up questions and take a more skeptical approach to unearth the underlying risk factors that can cause financial and reputation loss.
Kowalski suggests that boards establish open communication with lower-level employees involved in controls who can point out the gaps and weaknesses or serve as whistleblowers if major crimes are being committed. He also recommends that firms create an intermediary, such as an HR director or compliance leader, who can serve as a focal point for information, either anonymous or attributable. Inquiries must be handled with diplomacy, tact and confidentiality to keep the pipeline of information open. “Once an employee makes a suggestion and gets shot down, they’ll never make one again,” Kowalski notes.
Too often, boards “simply never get involved in creating effective anti-fraud systems,” says William Blake, a professor of law at the University of Missouri–Kansas City and former executive director of the Institute for Fraud Prevention. He says most boards don’t view the prevention of fraud as a high priority. Blake says the majority of companies are worried about taking away the drive and gumption of traders.
Traders are invariably extremely aggressive, opportunistic risk-takers, and putting in excessive controls could inhibit their ability to make money and keep revenues flowing. “Companies don’t want to stop traders from being ultra-aggressive, and ultimately they absorb the losses,” he says. “By far the leading cause of losses to a firm is internal fraud,” Blake continues, adding that too many board members are beholden to the CEO, take cues from the CEO and fail to perform independent investigations into risk management.
Ironically, financial fraud is one of the main factors that can lead to a CEO’s demise. A stronger board, containing some members who possess fraud expertise and have an independent, investigative streak, would strengthen the CEO and the company and thereby help to prevent many types of financial crimes.